input {
  tcp {
    port => "<%= @input_syslog_port %>"
    host => "<%= @input_syslog_host %>"
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      overwrite => "message"
      match => [
        "message",
        "%{SYSLOGTIMESTAMP:timestamp} %{IPORHOST:host} (?:%{PROG:program}(?:\[%{POSINT:pid}\])?: )?%{GREEDYDATA:message}"
      ]
    }
    syslog_pri { }
    date {
      # season to taste for your own syslog format(s)
      match => [
        "timestamp",
        "MMM  d HH:mm:ss",
        "MMM dd HH:mm:ss",
        "ISO8601"
      ]
    }
  }
}

filter {
  mutate {
    replace => [ "input_chef_environment", "<%= @chef_environment %>" ]
  }
}
